
According to user Kenoindallas, he did pretty much what I am suggesting and it seemed like it worked... Whether or not you think it will work, I am simply looking for a method by which I can recover the old registry file/list. I see where you're coming from, but Kenoindallas's account leaves me with some hope.

I am running Windows 7.

You can use ShadowExplorer to pick a previous restore point.

Within that restore point, browse to the user's registry hive (C:\Users\[username]\NTUSER.DAT).
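An added example, not part of the reply above and not ShadowExplorer's own code: the selection ShadowExplorer does by hand can be done from the text that `vssadmin list shadows` prints at an elevated prompt. The check that matters is the date: a restore point created after the infection already holds the CryptoLocker-modified hive, so only copies older than the moment the encryption was first noticed are candidates. The vssadmin output in the block is constructed (made-up IDs, dates and volume GUID), and the timestamp format is assumed to be the en-US one.

```python
r"""Find the newest shadow copy taken before the encryption started.

Added example, not from the thread.  Parses `vssadmin list shadows` output
and builds the path to NTUSER.DAT inside the chosen snapshot.  Only copies
created before the moment encryption was first observed are considered.

The sample output below is constructed for this example (made-up IDs,
dates and volume GUID).  Timestamps are assumed to be in the en-US format
that vssadmin prints on an English Windows 7.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

SAMPLE_VSSADMIN_OUTPUT = r"""vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001-2005 Microsoft Corp.

Contents of shadow copy set ID: {11111111-1111-1111-1111-111111111111}
   Contained 1 shadow copies at creation time: 10/12/2013 3:00:02 PM
      Shadow Copy ID: {aaaaaaaa-0000-0000-0000-000000000001}
         Original Volume: (C:)\\?\Volume{deadbeef-0000-0000-0000-000000000000}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: WORKSTATION
         Service Machine: WORKSTATION
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered

Contents of shadow copy set ID: {22222222-2222-2222-2222-222222222222}
   Contained 1 shadow copies at creation time: 10/14/2013 9:15:40 AM
      Shadow Copy ID: {aaaaaaaa-0000-0000-0000-000000000002}
         Original Volume: (C:)\\?\Volume{deadbeef-0000-0000-0000-000000000000}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2
         Originating Machine: WORKSTATION
         Service Machine: WORKSTATION
         Provider: 'Microsoft Software Shadow Copy provider 1.0'
         Type: ClientAccessibleWriters
         Attributes: Persistent, Client-accessible, No auto release, Differential, Auto recovered
"""


class ShadowCopy(NamedTuple):
    created: datetime
    drive: str    # e.g. "C:"
    device: str   # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN


CREATED_RE = re.compile(r"creation time:\s+(.+?)\s*$")
ORIGINAL_RE = re.compile(r"Original Volume:\s+\((\w:)\)")
DEVICE_RE = re.compile(r"Shadow Copy Volume:\s+(\S+)")


def parse_vss_time(text: str) -> datetime:
    """vssadmin's en-US timestamp, e.g. '10/12/2013 3:00:02 PM' (assumed locale)."""
    return datetime.strptime(text.strip(), "%m/%d/%Y %I:%M:%S %p")


def parse_vssadmin(text: str) -> List[ShadowCopy]:
    """One ShadowCopy per 'Shadow Copy Volume' line; creation time and drive
    letter are carried from the preceding lines of the same set."""
    copies: List[ShadowCopy] = []
    created: Optional[datetime] = None
    drive: Optional[str] = None
    for line in text.splitlines():
        m = CREATED_RE.search(line)
        if m:
            created = parse_vss_time(m.group(1))
            continue
        m = ORIGINAL_RE.search(line)
        if m:
            drive = m.group(1)
            continue
        m = DEVICE_RE.search(line)
        if m and created is not None and drive is not None:
            copies.append(ShadowCopy(created, drive, m.group(1)))
    return copies


def pick_pre_infection_copy(copies: List[ShadowCopy], drive: str,
                            observed_at: datetime) -> Optional[ShadowCopy]:
    """Newest copy of `drive` created strictly before the encryption was seen.
    Anything newer may already contain the modified hive."""
    candidates = [c for c in copies
                  if c.drive.upper() == drive.upper() and c.created < observed_at]
    return max(candidates, key=lambda c: c.created) if candidates else None


def hive_path_in_copy(copy: ShadowCopy, username: str) -> str:
    """NTUSER.DAT sits at the same relative location inside the snapshot."""
    return rf"{copy.device}\Users\{username}\NTUSER.DAT"


if __name__ == "__main__":
    found = parse_vssadmin(SAMPLE_VSSADMIN_OUTPUT)
    chosen = pick_pre_infection_copy(found, "C:", parse_vss_time("10/13/2013 12:00:00 PM"))
    print("no usable shadow copy" if chosen is None else hive_path_in_copy(chosen, "alice"))
```

Explorer cannot open a `\\?\GLOBALROOT\Device\...` path directly; the usual way to reach it without ShadowExplorer is `mklink /d C:\shadow \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN\` (the trailing backslash is required) and then copy NTUSER.DAT out of `C:\shadow\Users\<user>\`. Do this with that user logged off, since a hive that is loaded is locked; `reg load HKU\Old C:\path\to\NTUSER.DAT` lets you inspect the copy before putting it back.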


From what I can cull from all of this, the malware was installed via an executable disguised as a PDF, as well as the software to retrieve the payment and the decryption key, which could be remotely activated by the hackers.

My question is whether or not there was also a security breach - i.e., did the hackers gain access to the data?

The PC I had quarantined. I used the Kaspersky Rescue Disk to remove the infection itself. Then I used the registry editor on the rescue disk (it gave me access to all of the profiles). I found the registry entry and exported it to the jump drive I booted from. Removed the infection, etc.

Copied the registry key to my computer. It was 9.3 MB! I was confused... Renamed the registry key export to a .txt file; below is an excerpt of what I found in the reg key:
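An added example, not the excerpt the post above refers to and not the poster's own code: a parser for the .reg export regedit writes, used to pull the list of file paths out of the CryptoLocker "Files" key. A 9.3 MB export is consistent with one value per encrypted file. The sample export and its key layout are constructed for this example; it assumes each value name under HKEY_CURRENT_USER\Software\CryptoLocker\Files is one encrypted path with every backslash replaced by "?", so check that assumption against your own export before trusting the output. The .reg grammar itself (header line, [key] sections, "name"=value lines, hex values continued with a trailing backslash, \\ and \" escapes in names, UTF-16 with BOM) is regedit's.

```python
r"""List the files recorded in a regedit export of the CryptoLocker key.

Added example, not code from the thread.  The sample .reg text and the
key layout are constructed: it ASSUMES each value name under the Files key
is one encrypted path with '\' replaced by '?'.
"""
import codecs
import ntpath
from collections import Counter
from typing import Dict, List, Optional, Tuple

FILES_KEY = r"HKEY_CURRENT_USER\Software\CryptoLocker\Files"

# Constructed sample: placeholder hex blob, made-up paths.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\CryptoLocker]
"PublicKey"=hex:06,02,00,00,00,a4,00,00,52,53,41,31,00,08,00,00,01,00,01,00,\
  aa,bb,cc,dd

[HKEY_CURRENT_USER\Software\CryptoLocker\Files]
"C:?Users?alice?Documents?budget.xlsx"=dword:00000000
"C:?Users?alice?Documents?Q3 report.docx"=dword:00000000
"D:?Shared?Contracts?msa.pdf"=dword:00000000
"""


def decode_reg(data: bytes) -> str:
    """regedit writes UTF-16 with a BOM; old REGEDIT4 files are ANSI."""
    if data.startswith(codecs.BOM_UTF16_LE) or data.startswith(codecs.BOM_UTF16_BE):
        return data.decode("utf-16")
    if data.startswith(codecs.BOM_UTF8):
        return data.decode("utf-8-sig")
    return data.decode("cp1252", errors="replace")


def _read_quoted(s: str, i: int) -> Tuple[str, int]:
    """s[i] is the opening quote; returns (unescaped text, index after close)."""
    out: List[str] = []
    i += 1
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):      # \\ -> \ and \" -> "
            out.append(s[i + 1])
            i += 2
            continue
        if c == '"':
            return "".join(out), i + 1
        out.append(c)
        i += 1
    raise ValueError("unterminated quoted string: %r" % s)


def split_value_line(line: str) -> Tuple[str, str]:
    """'"name"=raw' -> ("name", "raw"); '@' is the key's default value."""
    if line.startswith("@"):
        name, rest = "@", line[1:]
    elif line.startswith('"'):
        name, end = _read_quoted(line, 0)
        rest = line[end:]
    else:
        raise ValueError("unexpected value line: %r" % line)
    if not rest.startswith("="):
        raise ValueError("missing '=' in: %r" % line)
    return name, rest[1:].strip()


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """{key_path: {value_name: raw_value}}; hex values that regedit wraps
    with a trailing backslash are joined back into one string."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    pending: Optional[Tuple[str, str]] = None   # (name, partial value)
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            name, acc = pending
            cont = line.endswith("\\")
            acc += line[:-1].strip() if cont else line
            pending = (name, acc) if cont else None
            if not cont:
                keys[current][name] = acc
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        name, value = split_value_line(line)
        if value.endswith("\\"):
            pending = (name, value[:-1].strip())
        else:
            keys[current][name] = value
    return keys


def encrypted_file_list(keys: Dict[str, Dict[str, str]], files_key: str = FILES_KEY) -> List[str]:
    """ASSUMPTION: value names are paths with '\' stored as '?'; undo that."""
    return sorted(name.replace("?", "\\") for name in keys.get(files_key, {}))


def summarize_by_extension(paths: List[str]) -> Counter:
    """Which file types were hit, e.g. to compare against the backup set."""
    return Counter(ntpath.splitext(p)[1].lower() for p in paths)


if __name__ == "__main__":
    hit = encrypted_file_list(parse_reg_export(SAMPLE_REG))
    print(len(hit), "files;", dict(summarize_by_extension(hit)))
    for p in hit:
        print(p)
```

To run it on a real export, read the file as bytes and pass it through decode_reg first (the poster's renamed .txt is still UTF-16 under the hood); the returned list is what you would check against backups or a shadow copy, file by file.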

Does anyone know an effective way to get the CryptoLocker screen to come up? I have the red BMP on the desktop but no program launching. I'm afraid Symantec may have shut it down, but removing the items from quarantine isn't getting the program to launch.

So, on Saturday the virus was actively encrypting files when I got to the PC. I disconnected the share, which immediately kicked on the message about payment. I went to Walgreens, got the card, and paid. It told me to wait for manual verification, blah blah blah. I left join.me running on the machine so I could monitor its progress remotely. A couple of hours later, files started decrypting. Then, due I think in part to a component of Symantec that I had stopped but not disabled kicking in... Funny, it wasn't able to prevent this, but it is trying to prevent me from fixing it. Due to the security of the building I could not get back in until this morning. The registry keys are still there with the list of files, but I can't get the virus to kick back on. I'm even willing to PAY AGAIN if I have to (and I'm thinking I will), but the damn thing won't re-infect. Every time I try to save a file that's infected with the virus on the computer, it disappears. (I've completely disabled Symantec this time and renamed the file folders in case something tries to start up again!) Am I doing it wrong, do I just need to wait, or does CryptoLocker think I'm done with it and has made my PC immune to its own virus???

This is my last shot at getting some of these files back, and while I admit to being a bad IT person and not smarter than a 5th grader, I don't know what to do.

This is going to sound bizarre, but could someone tell me where I can download this virus?

I own an IT company and recently came across this virus on a new client's computer (one that has not hired me to maintain computers/backups). It has struck the fear of God into me because I am responsible for maintaining the backups of many companies, and this virus has made me question whether or not my practices are capable of standing up to this threat. The client that contracted this had a local external HDD backup, which got encrypted along with all of their other files, so they were completely hosed. My backup plan goes a lot deeper than that, of course, but I just want to do some testing on my bench machines to see how this virus operates, what it targets and how I can be sure that my clients are protected.